The Federal Trade Commission (FTC) is going ahead with plans to apply its new “Red Flag Rule” regulations to physician practices beginning August 1.

According to the Rule, practices that accept health insurance or permit patients to pay in installment plans must implement written policies and procedures that protect against identity theft before that date, or risk being docked up to $2,500 for each “knowing violation.”

Medical identity theft occurs when a perpetrator uses someone’s identifying information, such as name, Social Security number, insurance coverage data or credit card number, without that person’s knowledge or consent, to obtain or make false claims for medical products or services.

A “red flag” is a pattern, practice or specific account or record activity that indicates possible identity theft.

The American Medical Association has objected to the FTC’s claim that a physician is a “creditor” and hence subject to the Red Flag Rule. It is attempting to delay or prevent implementation of the Rule to physician practices.

The AMA has nevertheless prepared a guidance document and sample policies for physician practices. These can be found here and here.

Contact your local Board of Registration in Medicine or the AMA for more information.